
Add initial version of docker-compose file.

pull/9/head
Chris Smith 8 years ago
commit
67ca7077f4
1 changed files with 132 additions and 0 deletions
  1. 132
    0
      docker-compose.yml

+ 132
- 0
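--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,132 @@
+---
+
+# Sets up a series of containers to automatically provision SSL certificates
+# and configure nginx for reverse proxying. Containers that should be proxied
+# need to be labelled with the following:
+#
+#   com.chameth.vhost="main.domain.com,alternate.domain.com,alt2.com,..."
+#   com.chameth.proxy=80
+#   com.chameth.proxy.protocol=http [optional, defaults to http]
+#
+# To prove ownership of domains to Let's Encrypt, we add a DNS entry when
+# required. You will need to configure one of the letsencrypt-* services
+# below to make these changes.
+
+version: '2'
+
+services:
+
+  # etcd is a key-value server. We use it to store meta-data about docker
+  # containers which is then read by the service containers below.
+  #
+  # etcd can be distributed and accessed remotely, but this config is for
+  # a single node instance.
+  etcd:
+    image: quay.io/coreos/etcd:v2.3.3
+    command: >-
+      --name etcd0
+      --initial-cluster etcd0=http://127.0.0.1:2380
+      --initial-advertise-peer-urls http://127.0.0.1:2380
+      --initial-cluster-state new
+      --initial-cluster-token etcd-cluster-1
+      --bind-addr 0.0.0.0:2379
+    networks:
+      - etcd-services
+
+  # service-reporter interacts with docker (which is why it needs the
+  # docker.sock mounted) to get a list of current containers, and
+  # monitor when containers are added or removed. It keeps the information
+  # in etcd up-to-date.
+  reporter:
+    image: csmith/service-reporter:latest
+    links:
+      - etcd:etcd
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - etcd-services
+    depends_on:
+      - etcd
+
+  # service-letsencrypt reads a list of vhosts from container labels
+  # (via etcd), and prepares a domains.txt file to send on to one of
+  # the letsencrypt-* containers below.
+  letsencrypt-updater:
+    image: csmith/service-letsencrypt:latest
+    volumes:
+      - letsencrypt-data:/letsencrypt
+    networks:
+      - etcd-services
+    depends_on:
+      - etcd
+
+  # letsencrypt-lexicon obtains Let's Encrypt certificates by modifying
+  # DNS records. It supports several major cloud DNS providers. You
+  # need to set the provider and auth tokens below.
+  letsencrypt-lexicon:
+    image: csmith/letsencrypt-lexicon:latest
+    volumes:
+      - letsencrypt-data:/letsencrypt
+    environment:
+      - STAGING=yes
+      - EMAIL=your@email.addr
+      - PROVIDER=cloudflare
+      - LEXICON_CLOUDFLARE_USERNAME=your@email.addr
+      - LEXICON_CLOUDFLARE_TOKEN=1234567890123456789012345678901234567890
+
+  # letsencrypt-generic uses a user-defined hook to update DNS entries.
+  # You need to supply your own hook, available at /dns/hook. See the
+  # letsencrypt.sh repo for details about hook arguments.
+  #letsencrypt-generic:
+  #  image: csmith/letsencrypt-generic:latest
+  #  volumes:
+  #    - letsencrypt-data:/letsencrypt
+  #    - /my/hook/script:/dns/hook
+  #  environment:
+  #    - STAGING=yes
+  #    - EMAIL=your@email.addr
+
+  # service-nginx reads proxy information and vhosts from etcd and
+  # creates an nginx vhost config to enable SSL-terminated reverse
+  # proxying to the containers.
+  nginx-updater:
+    image: csmith/service-nginx:latest
+    volumes:
+      - nginx-config:/nginx-config
+    networks:
+      - etcd-services
+    depends_on:
+      - etcd
+
+  # Finally, nginx is what actually does the SSL termination and
+  # reverse proxying. If any containers to be proxied are on
+  # non-default networks, you'll need to specify them here and
+  # below in the top-level networks section.
+  #
+  # TODO: Automatically reload config when changed
+  # TODO: Redirect HTTP and add proper SSL options
+  nginx:
+    image: nginx:1.9
+    volumes:
+      - nginx-config:/etc/nginx/conf.d
+      - letsencrypt-data:/letsencrypt
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - default
+    # - mynetwork
+
+volumes:
+
+  letsencrypt-data:
+
+  nginx-config:
+
+networks:
+
+  etcd-services:
+
+  # To add pre-existing networks, mark them as 'external':
+  #mynetwork:
+  #  external: true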
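Review bot: The `reporter` service bind-mounts `/var/run/docker.sock` into `csmith/service-reporter:latest`, so whatever that mutable tag resolves to at pull time gets full Docker API access, which is effectively root on the host. Pin that image to a fixed tag or digest (`image: csmith/service-reporter:<pinned-tag-or-digest>`) and extend the comment above the service with something like `# NOTE: docker.sock access is root-equivalent on the host; only run a pinned, reviewed image here.` Adding `:ro` to the bind mount would not restrict API calls made over the socket, so it should not be presented as the mitigation. The other `csmith/*:latest` services have the same pinning problem, though without the socket. Separately, the `LEXICON_CLOUDFLARE_TOKEN=...` placeholder invites pasting a live DNS API token into a committed file; `- LEXICON_CLOUDFLARE_TOKEN=${LEXICON_CLOUDFLARE_TOKEN}` would take it from the environment instead.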
